Set up OpenVPN on Centos 5

I’ve decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.

The first thing I needed to do was log into my VPS control panel (vePortal) and enable “Tun/Tap”. This makes the “/dev/net/tun” device visible inside OpenVZ. You may or may not need to do that.

Commands are the lines that start with “#”.

The next thing was to add the RPMForge repo.
Download the RPM.
# wget (I am running 64-bit)
Import the GPG key for the repo
# rpm --import
Check the signature of the downloaded RPM to see whether it has been tampered with.
# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
Install the RPM
# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm

Now you can install OpenVPN.
# yum install openvpn.x86_64

Now we need to configure the server.

Find where the easy-rsa files are located
# find / -name easy-rsa
That should return the full path to the easy-rsa directory and tools. We need to copy them to “/etc/openvpn”
# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn
Change into the following directory
# cd /etc/openvpn/easy-rsa/2.0
Edit the “vars” file
# vim vars
You must change at least the following to match your setup:
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=

Source the vars file
# source ./vars
Clean any existing builds
# ./clean-all
Build the CA
# ./build-ca

Next we need to build the server keys
# ./build-key-server server

Then we build the client key
# ./build-key client (you can call this whatever you want)

Lastly we build the Diffie-Hellman parameters
# ./build-dh

Let’s relocate the keys we just made. By default easy-rsa writes them to the “keys” subdirectory.
Copy the following three files to your client: “ca.crt”, “client.crt” and “client.key”.

Copy the following server keys to “/etc/openvpn”
# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Now we need to configure the server. Copy over a template.
# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

This is what my config looks like; it’s very similar to the example config.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC

Start the server
# /etc/init.d/openvpn start
Check /var/log/messages; you should see “Initialization Sequence Completed”.
You should also now see a “tun0” interface under ifconfig.

Set it to start on boot.
# chkconfig openvpn on
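
To check the finished layout, the following added example (not part of the original post) reads server.conf, confirms that the files named by ca, cert, key and dh exist, and reports private keys with loose permissions or a CA signing key left in the server directory. The function name audit_openvpn_dir and its finding labels are made up for this example; it assumes GNU stat and that relative paths in the config resolve against the config directory.

```shell
#!/bin/sh
# Added example, not from the original post. audit_openvpn_dir and its finding
# labels are hypothetical names. Assumes GNU stat (as on CentOS) and that
# relative paths in the config resolve against the config directory.
# Usage: audit_openvpn_dir /etc/openvpn [server.conf]
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_openvpn_dir() {
    dir=$1
    conf=$dir/${2:-server.conf}
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -r "$conf" ] || { echo "MISSING-CONF $conf"; return 1; }

    # Each of ca/cert/key/dh must be set and must point at an existing file.
    # awk compares the first word, so commented-out lines (# or ;) are skipped.
    for directive in ca cert key dh; do
        file=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        [ -n "$file" ] || { report "NO-DIRECTIVE $directive"; continue; }
        case $file in
            /*) path=$file ;;
            *)  path=$dir/$file ;;
        esac
        [ -f "$path" ] || report "MISSING-FILE $directive $path"
    done

    # Private keys must not be readable by group or others (mode ends in 00).
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        mode=$(stat -c %a "$key")
        case $mode in
            *00) ;;
            *)   report "LOOSE-PERMS $key $mode" ;;
        esac
    done

    # ca.key only signs certificates; the running server reads ca.crt,
    # server.crt, server.key and the DH file, so ca.key can live offline.
    [ -f "$dir/ca.key" ] && report "CA-KEY-ON-SERVER $dir/ca.key"

    [ "$findings" -eq 0 ]
}
```

Run it as root with `audit_openvpn_dir /etc/openvpn` after copying the keys; no output and exit status 0 mean every check passed.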


2 Responses to “Set up OpenVPN on Centos 5”

  1. Jamal Says:

    Why am I getting permission denied errors when trying to run #source ./vars or #./clean-all etc? I am logged in as the root user on the server.
